Lucene search
K

4 matches found

Snyk
Snyk
added 2026/07/06 8:42 p.m.5 views

Memory Allocation with Excessive Size Value

Overview Affected versions of this package are vulnerable to Memory Allocation with Excessive Size Value in the GdImageFile.open process. An attacker can cause excessive memory allocation by supplying a crafted .gd file that bypasses decompression bomb checks. Remediation Upgrade pillow to versio...

8.7CVSS6AI score0.00361EPSS
Exploits1References2
NVD
NVD
added 2026/07/06 7:17 p.m.8 views

CVE-2026-54059

Pillow is a Python imaging library. Prior to 12.3.0, PIL/PcfFontFile.py loadbitmaps read glyph dimensions from the PCF METRICS section and passed them directly to Image.frombytes without calling Image.decompressionbombcheck, allowing crafted PCF font data to cause excessive memory allocation. Thi...

7.5CVSS0.00354EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2026/03/05 7:31 p.m.7 views

CVE-2026-20058

Multiple Cisco products are affected by vulnerabilities in the Snort 3 VBA feature that could allow an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to crash. These vulnerabilities are due to improper error checking when decompressing VBA data. An attacker could exploit...

5.8CVSS6AI score0.0039EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/01/11 2:30 p.m.13 views

CVE-2024-57850 jffs2: Prevent rtime decompress memory corruption

In the Linux kernel, the following vulnerability has been resolved: jffs2: Prevent rtime decompress memory corruption The rtime decompression routine does not fully check bounds during the entirety of the decompression pass and can corrupt memory outside the decompression buffer if the compressed...

0.00215EPSS
Exploits0References7
Rows per page
Query Builder